Help with add user to group script

[rlee111]

Hi
I have a working script to create users in AD, I have a working script to create Groups in AD, the naming convention we use goes like this

Users: lsomebody (First letter of first name then Surname. In the user properties general tab we add the department the user belongs to using 2 character e.g. IT)

Groups: ggde_IT (gg=global group, de=department, IT=name of department)

What I want to do is add users to groups depending on what department they are in.

At the moment all users and groups are in the users container in Active Directory

If anyone could point me in the right direction that would be much appreciated.

Rob

 

[markdmac]

bind to your user as objUser
set gpstr as the distinguished name for your group

Then you can do this:

Set objGroup = GetObject(gpstr)
objGroup.Add objUser.ADsPath

I hope you find this post helpful.

Regards,

Mark

 

[rlee111]

Hi

I have come up with this script Which only works if I turn on "on error resume next"

If I turn it off I get the following error at the line: Set objGroup "There is no such object on the server" I cant work out why that is because it works with the "on error" switched on, any Ideas?

Rob

'On Error Resume Next

Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objLogonFile = objFSO.OpenTextFile("c:\scripts\logon.txt", ForReading)

Do Until objLogonFile.AtEndOfStream

'ADsPath to User

f_usr = objLogonFile.ReadLine
f_member = "LDAP://cn=" & f_usr & ",cn=users,dc=rldom,dc=modnetwork,dc=company,dc=biz"
Err.Clear
Set objUser = GetObject(f_member)
If Err Then
Wscript.Echo Err.Description
End If

'Extract department info from notes field in user properties

f_usr = objUser.Info
f_start = InStr(f_usr, ")") + 1
f_end = InStr(f_usr, "{") - 1
f_dept = "ggde_" & Mid(f_usr, f_start, + 2)

' ADsPath to group

f_group = "LDAP://cn=" & f_dept & ",cn=users,dc=rldom,dc=modnetwork,dc=company,dc=biz"
Err.Clear
Set objGroup = GetObject(f_group)
If Err.Number <> 0 Then
Wscript.Echo Err.Description
Else
Err.Clear
objGroup.Add(objUser.ADsPath)
If Err.Number <> 0 Then
Wscript.Echo Err.Description
End If
End If

Loop

objLogonFile.Close

 

[markdmac]

f_group = "LDAP://cn=" & f_dept & ",cn=users,dc=rldom,dc=modnetwork,dc=company,dc=biz"

Is that one line or two in your code? Should only be one.

I hope you find this post helpful.

Regards,

Mark

 

[tsuji]

[tt]>f_dept = "ggde_" & Mid(f_usr, f_start, + 2)[/tt]
It is very uncertain that this gives a valid "cn=" & f_dept. In fact, f_usr is a property so free to use that it may be blank. You have too validate the info. There is no such object on the server should be anticipated, and you just have to instruct the script what else to do when it happens.

 

[rlee111]

Hi
I now have a working script that adds users to groups based on what department they work in. I have used the notes field in Telephones property of each user to store information about that user e.g. logon name, full name department etc. This part of the script extracts the information I want

f_usr = objUser.Info
f_start = InStr(f_usr, ")") + 1
f_end = InStr(f_usr, "{") - 1
f_dept = "ggde_" & Mid(f_usr, f_start, + 2)

which is department name, f_dept would then contain the group name e.g. ggde_fi global group department finance, I then add the user to the group.
Thanks for your help

Rob

'Add users to groups based on department

On Error Resume Next

Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objLogonFile = objFSO.OpenTextFile("c:\scripts\logon.txt", ForReading)

Do Until objLogonFile.AtEndOfStream

'ADsPath to User

f_user = objLogonFile.ReadLine
f_member = "LDAP://cn=" & f_user & ",cn=users,dc=rldom,dc=modnetwork,dc=company,dc=biz"
Err.Clear
Set objUser = GetObject(f_member)
If Err Then AdsiErr()


'Extract department info from notes field in user properties

f_usr = objUser.Info
f_start = InStr(f_usr, ")") + 1
f_end = InStr(f_usr, "{") - 1
f_dept = "ggde_" & Mid(f_usr, f_start, + 2)

'ADsPath to group

f_group = "LDAP://cn=" & f_dept & ",cn=users,dc=rldom,dc=modnetwork,dc=company,dc=biz"
Err.Clear
Set objGroup = GetObject(f_group)
If Err Then
AdsiErr()
Else
Err.Clear
objGroup.Add(objUser.ADsPath)
If Err Then
AdsiErr()
Else
Wscript.Echo "User " & f_user & " Has been added to the Global Security Group " & f_dept
End If
End If

Loop

objLogonFile.Close

Sub AdsiErr()
If Err.Number = &H80071392 Then
Wscript.Echo "User " & f_user & " Is already a member of the Global Security Group " & f_dept
ElseIf Err.Number = &H80005000 Then
Wscript.Echo "Incorrect ADsPath, Path not found. Check ADsPath and try again"
Wscript.Quit
Else
e = Hex(Err.Number)
Wscript.Echo "Unexpected Error " & e & "(" & Err.Number & ")"
Wscript.Quit
End If
End Sub

 

[tsuji]

>I now have a working script
I did not look into. What is the difference with the one you said not working? I understand your way to extract the data from note field. The point is what if it is not like you expect which is stored there for one or two account? Are you saying that part has nothing to do with the script not working then? otherwise, what was the problem?

 

[rlee111]

I think It was the error checking I had in place for the first one, not checking properly for if the group exists based on info extracted from the notes field in the telephone property of the users.

I may not be explaining myself very well sorry

Rob